List for announcements regarding Qt releases and development via Announce 
via Development wrote:
> A recent potential divide by zero in Qt SVG has been reported and has been
> assigned the CVE id CVE-2023-32573.

Same as in the more recent Qt SVG CVE: The vulnerable code (the Qt SVG 
classes) was introduced in Qt 4.1, so Qt versions prior to 4.1 (i.e., 4.0.x 
or older, such as Qt 3) are not vulnerable.

> Patches:
> 
> dev: https://codereview.qt-project.org/c/qt/qtsvg/+/474093
> Qt 6.5: https://codereview.qt-project.org/c/qt/qtsvg/+/474404 or
> https://download.qt.io/official_releases/qt/6.5/CVE-2023-32573-qtsvg-6.5.diff
> Qt 6.2:
> https://download.qt.io/official_releases/qt/6.2/CVE-2023-32573-qtsvg-6.2.diff
> Qt 5.15:
> https://download.qt.io/official_releases/qt/5.15/CVE-2023-32573-qtsvg-5.15.diff

Qt 4.8.7, backported by Than Ngo:
https://src.fedoraproject.org/rpms/qt/raw/rawhide/f/qt-CVE-2023-32573.patch

        Kevin Kofler

-- 
Development mailing list
Development@qt-project.org
https://lists.qt-project.org/listinfo/development